package net.adamcin.httpsig.ssh.jce;

import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import net.adamcin.httpsig.api.Algorithm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/httpsig-ssh-jce-1.3.0.jar:net/adamcin/httpsig/ssh/jce/SSHKey.class */
public final class SSHKey implements FingerprintableKey {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSHKey.class);
    private static final byte[] EMPTY_BYTES = new byte[0];
    private final KeyFormat keyFormat;
    private final KeyPair keyPair;
    private final String fingerprint;

    public SSHKey(KeyFormat keyFormat, KeyPair keyPair) {
        if (keyFormat == null) {
            throw new IllegalArgumentException("keyFormat must not be null");
        }
        this.keyFormat = keyFormat;
        if (keyPair == null) {
            throw new IllegalArgumentException("keyFormat must not be null");
        }
        if (keyPair.getPublic() == null) {
            throw new IllegalArgumentException("publicKey must not be null");
        }
        this.keyPair = keyPair;
        this.fingerprint = keyFormat.getFingerprint(keyPair.getPublic());
    }

    public SSHKey(KeyFormat keyFormat, PublicKey publicKey, PrivateKey privateKey) {
        this(keyFormat, new KeyPair(publicKey, privateKey));
    }

    @Override // net.adamcin.httpsig.api.Key
    public String getId() {
        return this.fingerprint;
    }

    @Override // net.adamcin.httpsig.ssh.jce.FingerprintableKey
    public String getFingerprint() {
        return this.fingerprint;
    }

    @Override // net.adamcin.httpsig.api.Key
    public Set<Algorithm> getAlgorithms() {
        return Collections.unmodifiableSet(new LinkedHashSet(this.keyFormat.getSignatureAlgorithms()));
    }

    @Override // net.adamcin.httpsig.api.Key
    public boolean canVerify() {
        return this.keyPair.getPublic() != null;
    }

    @Override // net.adamcin.httpsig.api.Key
    public boolean canSign() {
        return this.keyPair.getPrivate() != null;
    }

    @Override // net.adamcin.httpsig.api.Key
    public boolean verify(Algorithm algorithm, byte[] bArr, byte[] bArr2) {
        if (bArr == null) {
            throw new IllegalArgumentException("challengeHash cannot be null.");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("signatureBytes cannot be null.");
        }
        if (this.keyPair.getPublic() == null) {
            LOGGER.warn("[verify] this identity cannot be used for verification because it lacks a public key.");
        }
        Signature signatureInstance = this.keyFormat.getSignatureInstance(algorithm);
        if (signatureInstance == null) {
            return false;
        }
        try {
            signatureInstance.initVerify(this.keyPair.getPublic());
            signatureInstance.update(bArr);
            return signatureInstance.verify(bArr2);
        } catch (InvalidKeyException e) {
            LOGGER.error("[verify] failed to verify signature due to invalid public key.", e);
            return false;
        } catch (SignatureException e2) {
            LOGGER.error("[verify] failed to verify signature.", e2);
            return false;
        }
    }

    @Override // net.adamcin.httpsig.api.Key
    public byte[] sign(Algorithm algorithm, byte[] bArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("challengeHash cannot be null.");
        }
        if (this.keyPair.getPrivate() == null) {
            LOGGER.warn("[sign] this identity cannot be used for signing because it lacks a private key.");
            return null;
        }
        Signature signatureInstance = this.keyFormat.getSignatureInstance(algorithm);
        if (signatureInstance != null) {
            try {
                signatureInstance.initSign(this.keyPair.getPrivate());
                signatureInstance.update(bArr);
                return signatureInstance.sign();
            } catch (InvalidKeyException e) {
                LOGGER.error("[sign] failed to sign challengeHash due to invalid private key.", e);
            } catch (SignatureException e2) {
                LOGGER.error("[sign] failed to sign challengeHash.", e2);
            }
        }
        return EMPTY_BYTES;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SSHKey sSHKey = (SSHKey) obj;
        if (!this.fingerprint.equals(sSHKey.fingerprint) || this.keyFormat != sSHKey.keyFormat) {
            return false;
        }
        if (this.keyPair.getPrivate() != null) {
            if (!this.keyPair.getPrivate().equals(sSHKey.keyPair.getPrivate())) {
                return false;
            }
        } else if (sSHKey.keyPair.getPrivate() != null) {
            return false;
        }
        return this.keyPair.getPublic() != null ? this.keyPair.getPublic().equals(sSHKey.keyPair.getPublic()) : sSHKey.keyPair.getPublic() == null;
    }

    public int hashCode() {
        return (31 * ((31 * ((31 * this.fingerprint.hashCode()) + this.keyFormat.hashCode())) + (this.keyPair.getPublic() != null ? this.keyPair.getPublic().hashCode() : 0))) + (this.keyPair.getPrivate() != null ? this.keyPair.getPrivate().hashCode() : 0);
    }
}
